Bump Dependency Check to 9.0.6 so synchronization works again #19

7 changes: 3 additions & 4 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM debian:stable-20230109-slim AS supercronic
FROM debian:bullseye-slim AS supercronic

ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.1/supercronic-linux-amd64 \
SUPERCRONIC=supercronic-linux-amd64 \
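Review bot: the supercronic build stage moves from the date-pinned debian:stable-20230109-slim to the floating debian:bullseye-slim, so this stage is no longer reproducible and will silently pick up whatever bullseye-slim resolves to on the day of the build. Pin to a dated bullseye tag or to a digest instead of the bare release name; that keeps the move off the old tag while leaving the build deterministic. The supercronic binary itself stays pinned to v0.2.1 by URL, which is good.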
Expand All @@ -13,7 +13,7 @@ RUN apt-get update; apt-get install -y curl \



FROM mysql:5.7.41-debian
FROM mysql:8.0.35-debian

LABEL maintainer="Stefan Neuhaus <[email protected]>"
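Review bot: going from mysql:5.7.41-debian to mysql:8.0.35-debian is a major-version upgrade of the database, not a patch bump, and neither the PR title nor the README change mentions it. Two consequences deserve a note in the commit message or README: a data directory created by a 5.7 container is upgraded in place the first time mysqld 8.0 starts and cannot be downgraded afterwards, so anyone running this with a persistent volume should take a backup before pulling the new image; and 8.0 creates new accounts with the caching_sha2_password plugin by default, which means the `allowPublicKeyRetrieval=true` already present in the client connection string in overlays/dependencycheck/build.gradle now actually takes effect on first login. Please also confirm that the scripts in overlays/docker-entrypoint-initdb.d still run cleanly against 8.0.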

Expand All @@ -26,7 +26,6 @@ ENV MYSQL_DATABASE=dependencycheck \
WORKDIR /dependencycheck

RUN set -ex && \
echo "deb http://http.debian.net/debian buster-backports main" >/etc/apt/sources.list.d/buster-backports.list; \
apt-get update; \
mkdir -p /usr/share/man/man1; \
apt-get install -y openjdk-11-jre-headless procps cron; \
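Review bot: dropping the buster-backports source is consistent with the image no longer being built on buster, but the unchanged `apt-get install -y openjdk-11-jre-headless procps cron` still pulls in cron even though the schedule is executed by supercronic (see overlays/wrapper.sh in this PR), so `cron` is dead weight that only widens the image. Consider removing it and adding `--no-install-recommends` while this line is being touched. openjdk-11 is the right runtime: dependency-check 9.x requires Java 11 or newer.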
Expand All @@ -39,7 +38,7 @@ COPY overlays/docker-entrypoint-initdb.d /docker-entrypoint-initdb.d/

RUN set -ex && \
/dependencycheck/gradlew wrapper; \
echo "0 * * * * /dependencycheck/update.sh" > /dependencycheck/database-update-schedule; \
echo "0/2 * * * * /dependencycheck/update.sh" > /dependencycheck/database-update-schedule; \
chown --recursive mysql:mysql /dependencycheck

COPY --from=supercronic /usr/local/bin/supercronic /usr/local/bin/
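Review bot: the schedule changes from hourly (`0 * * * *`) to `0/2 * * * *`, i.e. every two minutes, and nothing in the PR explains why; if this is a debugging setting it should not ship, and if it is intentional the reasoning belongs in the commit message. Two further concerns: `0/2` in the minute field is a Quartz-style step that standard cron rejects, so even if supercronic's parser accepts it, `*/2` is the portable spelling and worth a quick test either way; and with `nvd { validForHours = 0 }` in the overlay build.gradle every tick goes back to the NVD API, whose rate limit (5 requests per rolling 30 seconds without a key, 50 with one) is exactly the budget the new NVD_API_KEY warning is about. An hourly or daily schedule is the more defensible default. Also confirm that supercronic is left with overlapping runs disabled (its default), since the initial synchronization takes far longer than two minutes and subsequent ticks would otherwise pile up.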
12 changes: 9 additions & 3 deletions README.md
Expand Up @@ -20,10 +20,16 @@ In order to start the Database Server simply run
docker run -p 3306:3306 stefanneuhaus/dependencycheck-central-mysql
```

#### NVD API key

To have a faster synchronization proces, you should apply for an NVD API key.
Get one [at the NVD website](https://nvd.nist.gov/developers/request-an-api-key).
If you have one, start your Docker container with `-e NVD_API_KEY=<Your API key here>`.

### Analysis clients

All kinds of analysis clients are supported: Gradle, Maven, Ant, Jenkins, CLI. Apply the following changes to your build file:
- add buildscript dependency for `mysql:mysql-connector-java:8.0.30`
- add buildscript dependency for `com.mysql:mysql-connector-j:8.2.0`
- disable database updates triggered by your project: `autoUpdate = false`
- add database connection parameters: `data { ... }`

Expand All @@ -34,8 +40,8 @@ buildscript {
mavenCentral()
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:8.0.0'
classpath 'mysql:mysql-connector-java:8.0.30'
classpath 'org.owasp:dependency-check-gradle:9.0.6'
classpath 'com.mysql:mysql-connector-j:8.2.0'
}
}
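Review bot: `proces` in the new NVD API key paragraph should be `process`. More importantly, the documented way of supplying the key, `-e NVD_API_KEY=<Your API key here>`, puts the secret on the command line, where it ends up in shell history and in `docker inspect` output for anyone with access to the Docker socket. Mention `--env-file`, or `-e NVD_API_KEY` with no value so docker copies the variable from the caller's environment, as the preferred form. The coordinate change to `com.mysql:mysql-connector-j:8.2.0` is correct: Oracle relocated the driver from `mysql:mysql-connector-java` to the new groupId, and the old coordinates no longer receive updates.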

9 changes: 6 additions & 3 deletions overlays/dependencycheck/build.gradle
Expand Up @@ -18,21 +18,24 @@ buildscript {
mavenCentral()
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:8.0.0'
classpath 'mysql:mysql-connector-java:8.0.31'
classpath 'org.owasp:dependency-check-gradle:9.0.6'
classpath 'com.mysql:mysql-connector-j:8.2.0'
}
}

apply plugin: 'org.owasp.dependencycheck'

dependencyCheck {
cveValidForHours = 0
data {
connectionString = "jdbc:mysql://localhost:3306/dependencycheck?useSSL=false&allowPublicKeyRetrieval=true"
driver = "com.mysql.cj.jdbc.Driver"
username = "dc-update"
password = "<DC_UPDATE_PASSWORD>"
}
nvd {
validForHours = 0
apiKey = System.getenv("NVD_API_KEY") ?: ""
}
}
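Review bot: the connection string kept as context here, `useSSL=false&allowPublicKeyRetrieval=true`, turns into a real weakness now that the server is MySQL 8.0 (see the Dockerfile change in this PR): with caching_sha2_password the client fetches the server's RSA public key to encrypt the password on first login, and doing that over a plaintext connection lets anyone on the path substitute their own key and recover the `dc-update` password. Inside the container this only talks to localhost, which is tolerable, but the README directs analysis clients to configure the same `data { ... }` block, so either document TLS for remote clients or tell them to drop `allowPublicKeyRetrieval=true`. Separately, `apiKey = System.getenv("NVD_API_KEY") ?: ""` hands the plugin an empty string rather than no value; confirm that the plugin treats "" as unset, otherwise leave the property unset when the variable is missing. The move from `cveValidForHours` to `nvd { validForHours }` matches the 9.x configuration layout.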


8 changes: 8 additions & 0 deletions overlays/wrapper.sh
@@ -1,4 +1,12 @@
#!/bin/sh

if [ -z "${NVD_API_KEY}" ]; then
echo "--------------------------------------------------------------------------------"
echo " Detected that environment variable NVD_API_KEY was not set."
echo " Please provide an NVD API key! Updates will be very slow without it."
echo " Visit https://nvd.nist.gov/developers/request-an-api-key to get one."
echo "--------------------------------------------------------------------------------"
fi

supercronic /dependencycheck/database-update-schedule &
/usr/local/bin/docker-entrypoint.sh --user=root
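Review bot: send the warning to stderr (`>&2`) so it is not interleaved with mysqld's stdout and survives log filtering; as written the `echo` lines go to stdout. Two unchanged lines in this file are worth flagging while it is open: supercronic is backgrounded before `docker-entrypoint.sh` has started mysqld, so a tick that lands before the database accepts connections will fail, and update.sh (not in this diff) needs to cope with that; and the reason for passing `--user=root` to the entrypoint is not documented anywhere in the PR, so a comment explaining it would help the next reader, especially since the Dockerfile already does `chown --recursive mysql:mysql /dependencycheck`.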
4 changes: 2 additions & 2 deletions test/project_uptodate/build.gradle
Expand Up @@ -3,8 +3,8 @@ buildscript {
mavenCentral()
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:8.0.0'
classpath 'mysql:mysql-connector-java:8.0.31'
classpath 'org.owasp:dependency-check-gradle:9.0.6'
classpath 'com.mysql:mysql-connector-j:8.2.0'
}
}
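Review bot: this is the third copy of the same two classpath coordinates in the PR (README.md, overlays/dependencycheck/build.gradle and here), and the removed lines show they had already drifted: the README said connector 8.0.30 while both build files said 8.0.31. Pull the versions into one place, for example a gradle.properties or a shared variable, so the next bump cannot go out of sync again; the test project is exactly where a stale driver version would produce a confusing failure.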
